Becoming Professional: A Blog

Posts Tagged ‘privacy

Facebook Like Button

by Sean MacEntee on Flickr

Privacy is a big concern, particularly on Facebook. And for absolutely good reason, too. After all, I’m sure we all have those ex-friends we not only never want to see again, but would like to never see us again, too. Keeping who you want close, close and who you want far away as far away as possible is only natural.

That includes companies. These days there is a barter system going on with our private information. We like a brand’s page and allow them to see our demographics in exchange for potentially fun posts and, even better, free stuff. Sounds like a deal, as long as I’m the one who gets to okay it. This same barter is seen on Amazon, where the site learns what you like and makes, sometimes very astute, recommendations. But only when you’re signed in.

But, what about those cases when you’re not signed in. When you didn’t sign up for something and they’ve scraped your data from your Facebook profile? You didn’t sign up for it. I didn’t sign up for it. How can we avoid this danger?

But, is there really a privacy threat?

I mean, no doubt Facebook has privacy issues. Otherwise people wouldn’t be complaining left and right. I do not doubt this, and will not argue against it.

But I will point out that it’s incredibly difficult to get at your public data on Facebook by using the legal Open Graph API. I know because I tried to access my own public data  and that of my friends through that API while not signed in. Here’s what I found:

my open graph informationGo ahead and try it on your own account. All you need is your account ID number, which you can find here:

screen capture of my Facebook ID number in my profile's URLThen just type in followed by that number into your browsers URL bar and – tadaa! You can see what is available publicly about you.

I don’t know about you, but I really don’t care if people know I’m female, speak American English, and thus assume I’m an American female. As far as my name goes, I use a pseudonym online, so have fun!

Notice that even if my privacy settings were to make everything public, they still wouldn’t show up with this public Open Graph API search. That’s because Facebook doesn’t use the word public here the same way that we do. The information displayed above is “public information.” But in order to get at the information I’ve shared with the world on my Facebook Profile, any application developer needs an “access token.”

To get an access token, Facebook’s developer website explains that an app must go through three stages: user authentication, app authorization, app authentication. User authentication is just verifying that the user is who he says he is, same for app authentication. App authorization, however, is that bit where we’re asked to allow the app access to various bits of our data.

Farmville asking for my personal dataSee that bit up at the top, by my profile pic? “Access my basic information” really means “access all the public stuff I’m too silly enough not to set as private on my profile security settings.”

“Public” does not mean “public”

Let’s back up a second. “Public” in the eyes of Facebook app developers is basic demographic information. “Public” in the eyes of you, me, and most consumers is the stuff we set as available for strangers to see on our profiles. Companies and other systematic organizations cannot even see what we allow complete and total strangers to see. At least through this API.

I’m actually a bit reassured by that.

Of course, I’m sure there are work-arounds, particularly for the less than legal. However, at least when it comes to companies trying to spy into my life using the Open Graph API, I can rest assured that it’s a bit more complicated than just searching my name with this tool and that if they want to legally pry into my life, I have to give them permission.

*Note: I am not a Privacy Expert. I just tweedled around with the Open Graph API and this is what I found. As I said, I’m sure that there are other ways to spy on us. I just don’t think this is one of them. So you should always set your privacy settings as high as possible!


Image of a man in a mask taking a photo over a wall

Image by Anonymous9000 on Flickr. Click to see original location.

I read this post by Chris Zaharias, SVP of Sales at Dapper, an online advertising technology company. In it, he claims that the problem with ad-targeting is not the privacy intrusions, but rather it’s the excessive frequency of ads and poor targeting. Chris has a point, but privacy is still the issue, just not in the way most people think. Because of that, the solutions being suggested, both self-regulation and legislated regulation, aren’t solving the true privacy issue: advertiser stalking.

See, if a stalker just follows you around, you feel like your privacy has been invaded. He might never invade your home. He might even refrain from taking photos. But if the man is following you everywhere you go, yes, he is invading your privacy. You have the right to go places without someone intruding on your day. What’s the difference between being stalked by a person in real life from being stalked by an advertisement in the digital world?

Not much. Of course, the company can know about the websites you visit without showing you an ad. That’s what cookies do, after all, let the company know upon your arrival to the website that you’ve viewed such and such content already. They can even tell if you put something in your Amazon basket but didn’t buy. This could be viewed as an invasion of privacy. Except that you can often tell where a person has been in the real world by knowing a little bit about a person and extrapolating. That’s what demographic research does. It takes your characteristics and figures out the probabilities of you behaving in certain ways. True, with cookies, there is no probability. They know how you behave.

Still, considering the benefits of cookies (the added personalization, deals, and greater relevance they can make available for advertisers and consumers), I think it’s okay to let a company know what websites I’ve visited. As long as they don’t use this information to stalk me, that is. Again, I’m drawing a distinction between having information and using it to be creepy.

I seem to be one of the few people, who are making this distinction. The two proposed solutions to the “online advertising privacy issue” certainly don’t seem to be addressing it.

The FTC has provided a glimpse at what might become the legislated solution. They released a privacy report in which they suggested a universal “Do not track” option for consumers, according to this NPR article. Sounds like a solution to my problem, right? If you can’t track me, you can’t stalk me. This solution has been positioned as the “Do not call” list for the digital world, taking a person out of the personalization ecosystem of the web entirely. Of course, when you’re not tracked, you loose all the benefits of a personalized web. Considering that personalization seems to be where the web is going, this might not even be practical for consumers, regardless of their privacy concerns. As Braden Cox said in his recent blog post Do Not Track – A Single “Nuclear” Response for a Diversity of Choices,  what we really want is something in the middle of yes or no that “would represent an educated setting where consumers understand the tradeoffs of interest-based advertising – in return for tracking your preferences and using them to target ads to you, you get free content/services.” And if you don’t opt-out? They can follow you all over the web with impunity.

the icon that consumers see when the ad uses behavioral targeting

Image from the Self-Regulation Program. Click to view original location.

The other approach, which Braden suggests provides a middle ground solution, is self-regulation. The Self-Regulatory Program for Online Advertising is a group of large advertisers who have agreed to be open and transparent with how they use consumer data, provide an easy opt-out mechanism, and display the icon to the left in ads that lets consumers know when the advertisers are using cookie data. While it would be lovely to have more information, there are drawbacks. One is that this is a voluntary program, and even if you opt out from receiving targeted ads from all of the member advertisers, there are still plenty of advertisers who are not members. I think this approach is too hard for the consumer to keep track of because just like no one reads the fine print, no one will go to the Self-Regulatory Program’s website and go through the list of all their advertisers in order to weed out the ones they don’t trust.

And oh, it doesn’t prevent stalking.

So, I’d rather let the cookies work the way they work now, but with the advertiser’s respecting my space – though it would be nice to know when they are using my data and how. I can’t deny that. Any one in real life can observe me for a day and pretty accurately tell my routine and my habits. My grocery store probably knows more about me than an online advertiser, much less my credit card company! But online advertisers stalk us and our credit card companies don’t (unless you owe them money, and that’s another story).  If advertisers just stopped stalking, we wouldn’t have a problem because our privacy would not have been violated.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 56 other followers

Who Am I?

I am a Digital Native who is trying to puzzle out what exactly that means. I share my thoughts on social media, digital business models, and PR here on this blog.

I am currently getting my Masters in Digital Marketing from Hult International Business School, having gotten my B.S. in Marketing from Arizona State University. Everything is on track and I am making headway towards my dream: World Domination... or being a productive, helpful citizen and marketer. Whichever comes first.

Don't hesitate to get in touch. I Tweet daily at @KateDavids and also have a science fiction and fantasy blog ( and Twitter (@Masked_Geek).

%d bloggers like this: